** Changed in: atril (Ubuntu Bionic)
       Status: Confirmed => Fix Released

** Changed in: atril (Ubuntu Artful)
       Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1735418

Title:
  [CVE] Command injection with cbt files

Status in atril package in Ubuntu:
  Fix Released
Status in atril source package in Xenial:
  Confirmed
Status in atril source package in Zesty:
  Confirmed
Status in atril source package in Artful:
  Fix Released
Status in atril source package in Bionic:
  Fix Released

Bug description:
  backend/comics/comics-document.c (aka the comic book backend) in GNOME
  Evince before 3.24.1 allows remote attackers to execute arbitrary
  commands via a .cbt file that is a TAR archive containing a filename
  beginning with a "--" command-line option substring, as demonstrated
  by a --checkpoint-action=exec=bash at the beginning of the filename.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1735418/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
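
An added defensive example, not part of the bug report and not atril or Evince code: it flags .cbt (tar) member names that an external tool would parse as options, and shows two ways to keep such a name from being interpreted that way. The sample archive, its member names and the path `book.cbt` are constructed for illustration.

```python
import io
import tarfile


def build_sample_cbt() -> bytes:
    """Constructed sample: a tiny .cbt (tar) with one normal and one option-like name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in (("page01.png", b"img-1"),
                           ("--constructed-option=x.png", b"img-2")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def option_like_members(cbt: bytes) -> list[str]:
    """Member names that a tool would read as an option if passed bare in argv.

    Shell quoting does not help here: the name arrives intact as one argument
    and it is the tool's own option parser that acts on the leading dash.
    """
    with tarfile.open(fileobj=io.BytesIO(cbt), mode="r:") as tar:
        return [m.name for m in tar.getmembers() if m.name.startswith("-")]


def tar_extract_argv(archive_path: str, member: str) -> list[str]:
    """argv list (no shell) with "--" ending option parsing before the untrusted name."""
    return ["tar", "-xOf", archive_path, "--", member]


def read_member(cbt: bytes, member: str) -> bytes:
    """Read a page in-process, so the member name never reaches a command line."""
    with tarfile.open(fileobj=io.BytesIO(cbt), mode="r:") as tar:
        fh = tar.extractfile(member)
        if fh is None:
            raise ValueError(f"{member!r} is not a regular file")
        return fh.read()


if __name__ == "__main__":
    sample = build_sample_cbt()
    for name in option_like_members(sample):
        print("option-like member:", name)
        print("argv with end-of-options marker:", tar_extract_argv("book.cbt", name))
        print("read in-process:", read_member(sample, name))
```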